Ok, well, somebody suggested something which certainly does the job, and the only question remaining is whether or not you feel it's secure enough.
encfs, and cryptkeeper.

Encfs is a command-line utility to create and mount encrypted folders. It can do either blowfish or aes, in various strengths. For every file that lives inside the encrypted folder, there is a corresponding encrypted file with encrypted filename in a different directory.

Cryptkeeper is a GUI interface that runs encfs behind the scenes. Makes it really easy and convenient for you to create/destroy, mount/dismount encrypted folders. But there's one feature missing: I don't see any way to specify the type of encryption you want. I think (but haven't confirmed) that the default is blowfish 128bit.

Pros:
- When you run your incremental backups, only the files that have changed get backed up. Only the necessary disk space is consumed.
- There is no size limit for your encrypted volume. The only limit is your hard drive.

Cons:
- When the volume is dismounted, someone with root privilege on your hard drive (or as you) can still see the number of files, and size of each one.
- It's easy to locate all the encrypted files.
- It's easy to see when files were modified. Timestamps update on modification.
- There is only one password; administrators cannot set a master pass. If you forget your pass, it's game over.

From: [email protected] [mailto:[email protected]] On Behalf Of Edward Ned Harvey
Sent: Saturday, January 02, 2010 12:04 AM
To: [email protected]
Subject: [lopsa-tech] Truecrypt versus ...

Normally, I love Truecrypt, but there are two specific obstacles for now.

#1 It seems, in Linux, Truecrypt can't create a sparse file container volume. You're required to allocate the whole volume at creation time. Are you guys using Truecrypt in Linux, or would you recommend something else?

#2 Regardless of platform, Truecrypt stores the volume in a single file. They say this provides improved security as compared to a bunch of smaller files with timestamps that update as they're modified (ala sparsebundle). But the sparsebundle approach has one major advantage. You're able to simply run incremental backup software on your hard drive, and your encrypted volume will be correctly backed up as efficiently as possible (only backing up the various 8M chunks that were modified.) Unfortunately backing up Truecrypt volumes can be difficult, because they're huge, and non-segmented. You've got to back up the entire volume every time.

Does anybody have any suggestions to solve either of these two problems, or recommend a different product instead of TrueCrypt?

Thanks.
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
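The trade-off listed under Pros and Cons in the message above, as an added example that is not part of the original post: with one ciphertext file per plaintext file, an incremental backup copies only what changed, and the same size and timestamp metadata is readable by anyone with access to the ciphertext directory. The file names and sizes are constructed stand-ins, no real encfs volume is involved, and the single-container figure assumes a container at least as large as its contents.

```python
import os
import tempfile

def snapshot(root):
    """Map each file under root to (size, mtime_ns): the metadata readable
    from a ciphertext directory without knowing the password."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            snap[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns)
    return snap

def incremental_set(before, after):
    """Files an incremental backup must copy: new, or size/mtime changed."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)

def demo():
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for per-file ciphertext: opaque names, random bytes.
        sizes = {"Xq3vT-a91": 4096, "mP0,dKe2z": 150_000, "b7RrUw-5c": 1_000_000}
        for name, size in sizes.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(os.urandom(size))
        before = snapshot(root)

        # One plaintext file is edited, so exactly one ciphertext file is rewritten.
        with open(os.path.join(root, "Xq3vT-a91"), "wb") as f:
            f.write(os.urandom(5000))
        after = snapshot(root)

        changed = incremental_set(before, after)
        return {
            "changed": changed,  # also tells an observer which file was touched
            "incremental_bytes": sum(after[p][0] for p in changed),
            # Assumption: a single-file container is recopied whole on any change.
            "full_container_bytes": sum(size for size, _ in after.values()),
            "visible_file_count": len(after),
        }

if __name__ == "__main__":
    print(demo())
```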
